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Formstack Submission For: Security Breach Notifications 
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Business Name: 

Atwood & Moore - Attorneys at Law 

Business Address: 


Foreign Business Address: 


Company Type: 

Other 

Your Name: 

James Giszczak 

Title: 

Member 

Contact Address: 

McDonald Hopkins PLC 

39533 Woodward Avenue, Suite 318 
Bloomfield Hills, MI 48304 

Foreign Contact Address: 


Telephone Number: 

(248)220-1354: 

Extension: 


Email Address: 

jgiszczak@mcdonaldhopkins.com 


Relationship to Org: 


Other 




















Breach Type: 


Electronic 


Date Breach was Discovered: 

Number of Massachusetts 
Residents Affected: 

Person responsible for data 
breach.: 


02/09/2018 


Please give a detailed 
explanation of how the data 
breach occurred.: 


Please select the type of personal 
information that was included in 
the breached data.: 

Please check ALL of the boxes 
that apply to your breach.: 

For breaches involving paper: A 
} lock or security mechanism was 
used to physically protect the 
data.: 

Physical access to systems 
containing personal information 
was restricted to authorized 
personnel only.: 

Network configuration of 
breached system: 


Unknown 


On October 28, 2017, Atwood & Moore learned that an 
employee may have been the victim of a business email 
compromise. On February 9, 2018, the extensive forensic 
investigation and document review concluded that one Atwood 
& Moore employee email account had been potentially 
compromised and that an unknown individual may have had 
access, via that compromised email account, to personal 
information belonging to current and former clients, and some 
employees. The unauthorized party was potentially able to 
access personal information of one Massachusetts resident, 
including name, social security number and bank account 
information. 


Financial Account Numbers = Selection(s) 

Social Security Numbers = Selection(s) 

The breach was a result of a malicious/criminal act. 
Selection(s) 


Internet Access Available 
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For breaches involving electronic 
systems, complete the following: 

Personal information stored on the breached system was 
password-protected and/or restricted by user permissions. = 
Selection(s) 

All Massachusetts residents 
affected by the breach have been 
notified of the breach.: 

Yes 

Method(s) used to notify 
Massachusetts residents affected 
by the breach (check ail that 
apply):: 

US Mai 1 - Selections) 

Date notices were first sent to 
Massachusetts residents 
(MM/DD/YYYY): 

03/09/2018 

All Massachusetts residents 
affected by the breach have been 
offered complimentary credit 
monitoring services 

Yes 

Law enforcement has been 
notified of this data breach.: 

No 

Please describe how your 
company responded to the 
breach, include what changes 
were made or may be made to 
prevent another similar breach 
from occurring.: 

Since learning of the possible breach, Atwood & Moore 
conducted an internal investigation and forensic investigation, 
notified the affected Massachusetts resident, and offered credit 
monitoring services to the affect resident. Further, Atwood and 
Moore took rest the passwords for all users involved, as well as 
for all employees. Atwood and Moore provided updated training 
to all employees regarding recognizing and avoiding phishing 
attacks. Atwood and Moore uses an outside information 
technology firm to monitor its systems and network traffic for 
potentially malicious activity. 

Copyright ©2018 Formstack, LLC. All rights reserved. This is a customer service email. 

Ponnstacb, 8604 Allisonville Road, Suite 300, Indianapolis, IN 46250 
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Monge, Elaine (SCA) 


From: Czuprynski, Christine <cczuprynski@mcdonaldhopkins.com> 

Sent: Monday, March 12, 2018 11:45 AM 

To: Breaches, Data (SCA) 

Subject: Security Breach Notification 

Attachments: Atwood and Moore — Notification to MA OCABR (7268075x7AB84).pdf; Atwood and 

Moore -- MA Template Notice Ltr (7268008x7AB84).pdf 


To Whom it May Concern: 

Attached please find the security breach notification submitted online on behalf of Atwood & Moore. Attached also 
please find the notice letter template for the impacted Massachusetts resident. 

Thank you, 

Chris 


Christine Czuprynski 
Counsel 

T: 248.220.1360 39533 Woodward Avenue 

cczuprvnski@mcdonaldhopkins.com Suite 318 

www.mcdonaldhopkins.com Bloomfield Hills, Ml 48304 

^^^^Hopkins 

A business advisory and advocacy law firm® 
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Mass.gov 


Data Breach Notification Submission 

Data Breach Notification Submission 


Instructions: Please complete the form below to submit a data breach notification to the 
Office of Consumer Affairs and Business Regulation. You can also print this submission for 
your own records. Please note under M.G.L. C93H, a separate notification must be sent to the 
Attorney General’s Office. 

If you're mailing your submission, piease send to: Office of Consumer Affairs and Business 
Regulation, 501 Boylston St, Suite 5100, Boston, MA 02116 


Individual breaches affecting multiple debit/credit card holders of your organization 
can be reported on a monthly basis. 

Please do not include any personally identifiable information for Massachusetts 
residents in any of the fields. 


Section I: Organization & Contact 
Information 


Business Name* 

Atwood & Moore - Attorneys at Law 


https://www.mass.gov/forms/data-breach-notification-submission 
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Business Address (optional) 


City 



State 


ZIP Code 


Foreign Business Address (optional) 


If your business is located outside the United States, enter the address here 


Company Type* 

■ Other [v| 

Your Name* 

James 

First Name 

Giszczak 
Lost Name 


https://www.mass.gov/forms/data-breach-notification-submission 
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Title * 

Member 

Contact Address (optional) 

McDonald Hopkins PLC 

39533 Woodward Avenue, Suite 318 

Bloomfield Hills 

City 

a 

State 

48304 

ZIP Code 

Foreign Contact Address (optional) 


If yarn contact address is outside the United States, enter the address here 


Telephone Number* 
(248)220-1354 

Extension (optional) 


https://www.mass.gov/forms/data-breach-notification-submission 
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Email Address* 


jgiszczak@mcdonaldhopkins.com 


Relationship to Org* 

Other jvj 


Section II: Breach Information 


Breach Type' 


Electronic 


Date Breach was Discovered * 

02[vj : ‘ 09 jv] 2018 jv| 


Number of Massachusetts Residents Affected* 


1 


Person responsible for data breach. * 


Unknown 



Please give a detailed explanation of how the data breach occurred.* 


https://www.mass.gov/forms/data-breach-notification-submission 
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On. October 28, 2017, Atwood & Moore learned that an employee may have been the victim of a business email 
compromise. On February 9, 2018, the extensive forensic investigation and document review concluded that one 
Atwood & Moore employee email account had been potentially compromised and that an unknown individual may 
have had access, via that compromised email account, to personal information belonging to current and former 
clients, and some employees. The unauthorized party was potentially able to access personal information of one 
Massachusetts resident, including name, social security number and bank account information. 


Please select the type of personal information that was included in the breached data. * 

| i Selcction(s) 


Financial Account Numbers ] 

0 

. Social Security Numbers j 

0 

Driver's License 

□ 

Credit/Debit Card Number 

□ 


Please check ALL of the boxes that apply to your breach. * 


Selection(s) 


The person(s) with possession of personal information had \ 

authorized access j 

□ 

The breach was a result of a malicious/criminal act. \ 

j .... t . 

0 

The breach occurred while the data was being transported j p-j 

outside of your premises. ) 

The breach occurred at the location of a third party service ( 

provider. \ 

□ 

j i 


https://www.mass,gov/forms/data-breach-notification-submission 
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There Is a written contract in place with the third-party provider 
requiring protection of personal information. 


□ 



Section III: Security Environment 


For breaches involving paper: A lock or security mechanism was used to physically protect 
the data.* 

□ Yes 

□ No 

0 N/A 


Physical access to systems containing personal information was restricted to authorized 
personnel only.* 

□ Yes 

□ No 

0 n/a 


Network configuration of breached system * 


Internet Access Available 


•0 


For breaches involving electronic systems, complete the following" 


Selcction(s) 


Breached data was encrypted. j 


The key to encrypted data was stolen. ; 




□ 


https ://www.mass.gov/forms/data-breach-notification-submission 
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Personal information stored on the breached system was 
password-protected and/or restricted by user permissions. 


n/a 


Section IV: Remediation 


All Massachusetts residents affected by the breach have been notified of the breach.* 
E2 Yes 
□ No 


Method(s) used to notify Massachusetts residents affected by the breach (check all that 
apply): * 

j Selections) 

E-maii ; d 

{ US Mail : 0 

Online posting ; L3 

TV/Radio publication D 

Other ; Lj I 


Date notices were first sent to Massachusetts residents (MM/DD/YYYY)* 


https://www.mass.gov/forms/data-breach-notification-submission 


3/12/2018 
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03 


3 V 


09IV 


2018 V 


All Massachusetts residents affected by the breach have been offered complimentary credit 
monitoring services. * 

0 Yes 

□ No 


Law enforcement has been notified of this data breach. * 
□ Yes 
0 No 


Please describe how your company responded to the breach. Include what changes were 
made or may be made to prevent another similar breach from occurring.* 

Since learning of the possible breach, Atwood & Moore conducted an internal investigation and forensic 
investigation, notified the affected Massachusetts resident, and offered credit monitoring services to the affect 
resident. Further, Atwood and Moore took rest the passwords for all users involved, as well as for all employees. 
Atwood and Moore provided updated training to all employees regarding recognizing and avoiding phishing 
attacks. Atwood and Moore uses an outside information technology firm to monitor its systems and network traffic 
for potentially malicious activity. 


Any documents pertaining to the data breach including the letter being sent to the 
Massachusetts residents must be sent via email to data.breaches@state.ma.us 
Please do not include any personally identifiable information for Massachusetts 
residents in any email attachment. 

Individual breaches affecting multiple debit/credit card holders of your organization 
can be reported on a monthly basis. 

Please review the Information you have entered and click on the "Submit Form" button 
below. 


https://www.mass.gov/forms/data-breach-notification-submission 


3/12/2018 
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Atwood & Moore - Attorneys at Law 


Return Mail Processing Center 

PO Box 6336 

Portland, OR 97228-6336 

IMPORTANT INFORMATION 
PLEASE REVIEW CAREFULLY 

«Maii ID» 

<<Naroe V» 

«Name 2» 

«Address 1» 

«Address 2» 

«Address 3» 

«Address 4» «Date» 

«Address 5» 

<<City»«State»«Zip» 

«Country» 


Dear «Name 1»: 

I am writing with important information regarding a recent security incident. The privacy and security of the 
personal information belonging to our employees and contractors is of the utmost importance to Atwood & Moore. 
As such, we wanted to provide you with information about the incident, explain the services we are making available 
to you, and let you know that we continue to take significant measures to protect your information. 

We recently learned of a security incident that impacted Atwood & Moore’s computer network. Upon learning of the 
issue, we commenced a prompt and thorough investigation. As part of our investigation, we worked very closely with 
external cybersecurity professionals. Since completing our investigation, we concluded that an unknown individual 
may have had access to personal information belonging to our clients. We discovered on February 9, 2018, that the 
compromised information included your full name, bank account information, and Social Security number. 

We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we 
want to make you aware of the incident. 

Securing your personal information is important to us. As a precautionary measure to safeguard your information 
from potential misuse, we have partnered with TransUnion Interactive, a subsidiary of TransUnion® to provide its 
myTrueldentity online credit monitoring service for one year at no charge to you. A description of this product is 
provided in the attached material, which also contains instructions about how to enroll (including your personal 
activation code). If you choose to take advantage of this product, it will provide you with a notification of any changes 
to your credit information, up to $1,000,000 Identity Theft Insurance Coverage and access to your credit report. You 
must complete the enrollment process by June 15, 2018. 

This letter also provides other precautionary measures you can take to protect your personal information, including 
placing a Fraud Alert, placing a Security Freeze, and/or obtaining a free credit report. Because your bank account 
information was impacted, we recommend that you contact your financial institution to inquire about steps you 
can take to further protect your account, including changing your account number. Additionally, you should always 
remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity 
on a regular basis. 

Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal 
information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify 
our practices and internal controls to enhance the security and privacy of your personal information. 


U1711 V.02 03.07.2018 





If you have any further questions regarding this incident, please call our dedicated and confidential toll-free 
response line that we have set up to respond to questions at 877-551-1811. This response line is staffed with 
professionals familiar with this incident and knowledgeable on what you can do to protect against misuse of your 
information. The response line is available Monday through Friday, 9 a.m. to 9 p.m. Eastern time. 


Sincerely, 



B. Jo Atwood Mark S. Moore 

Atwood & Moore Atwood & Moore 


U1712V.02 03.07.2018 





- OTHER IMPORTANT INFORMATION - 
1, Enrolling in Complimentary 12-Month Credit Monitoring . 

As a safeguard, we have arranged for you to enroll, at no cost to you, in an online credit monitoring service 
(myTrueldentity) for one year provided by TransUnion Interactive, a subsidiary of TransUnion®, one of the three 
nationwide credit reporting companies. 

To enroll in this service, go to the wjTrueldentity website at www.mytrueidentity.com and in the space referenced as 
“Enter Activation Code” enter the following 12-letter Activation Code «Insert Unique 12-letter Activation Code» 
and follow the three steps to receive your credit monitoring service online within minutes. 

You can sign up for the online credit monitoring service anytime between now and «Eurollment Date», Due to 
privacy laws, we cannot register you directly, Please note that credit monitoring services might not be available for 
individuals who do not have a credit file with TransUnion, or an address in the United States (or its territories) and a 
valid Social Security number. Enrolling in this service will not affect your credit score. 

Once you are enrolled, you will be able to obtain one year of unlimited access to your TransUnion credit report and 
credit score. The daily credit monitoring service will notify you if there are any critical changes to your credit file 
at TransUnion, including fraud alerts, new inquiries, new accounts, new public records, late payments, change of 
address and more. The service also includes access to an identity restoration program that provides assistance in the 
event your identity is compromised to help you restore your identity and up to $1,000,000 in identity theft insurance 
with no deductible. (Policy limitations and exclusions may apply.) 

If you believe you may be a vict im of identity theft, please call the TransUnion Fraud Response Services toll-free 
hotline at 1-855-288-5422. When prompted, enter the following 6-digit telephone pass code «6 digit pass code» 
to speak to a TransUnion representative about your identity theft, issue. 


2. Placing a Fraud Alert . 

Whether or not you choose to use the complimentary 12 month credit monitoring services, we recommend that you 
place an initial 90-day “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you 
personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus 
at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others. 

TransUnion LLC 

P.O. Box 2000 
Chester, PA 19016 
www.transunion.com 
1-800-680-7289 


Equifax 

P.O. Box 105069 
Atlanta, GA 30348 
www.equifax.com 
1-800-525-6285 


Experian 
P.O. Box 2002 
Allen, TX 75013 
www.experian.com 
1-888-397-3742 


U1713v.02 03.07.201S 



3. 


Consider Placing a Security Freeze on Your Credit File . 


If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” 
be placed on your credit file. A security freeze prohibits, with certain specific exceptions, the consumer reporting 
agencies from releasing your credit report or any information from it without your express authorization. You 
may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide 
credit reporting companies. To find out more on how to place a security freeze, you can use the following contact 
information: 


Equifax Security Freeze 

P.O. Box 105788 
Atlanta, GA 30348 
https://www.freeze.equifax.com 
1-800-685-1111 


Experian Security Freeze 
P.O. Box 9554 
Allen, TX 75013 
http://experian.com/freeze 
1-888-397-3742 


TransUnion Security Freeze 
P.O. Box 2000 
Chester, PA 19016 

http://www.transunion.com/securityfreeze 

1-888-909-8872 


• Your full name (first, middle, last including applicable generation, such as JR., SR., II, III, etc.) 

• Your Social Security number 

• Your date of birth (month, day and year) 

• Your complete address including proof of current address, such as a current utility bill, bank or insurance 
statement or telephone bill 

• If you have moved in the past five (5) years, give your previous addresses where you have lived for the past five 
(5) years 

• A legible photocopy of a government issued identification card (state driver’s license or ID card, military 
identification, etc.) 

• Include applicable fee ($5.00). Call or visit each of the credit reporting company websites listed above for 
information on fees for Security Freeze services. Forms of payment are check, money order, or credit card 
(American Express, Discover, MasterCard and Visa), or a copy of a valid identity theft report, or other valid 
report from a law enforcement agency to show you are a victim of identity theft and are eligible for free Security 
Freeze services. 

The credit reporting agencies have three (3) business days after receiving your request to place a security freeze on 
your credit file report. The credit bureaus must also send written confirmation to you within five (5) business days 
and provide you with a unique personal identification number (PIN) or password, or both, that can be used by you to 
authorize the removal or lifting of the security freeze. 

To lift the security freeze in order to allow a specific entity or individual access to your credit report, you 
must call or send a written request to the credit reporting agencies by mail and include proper identification 
(name, address, and Social Security number) and the PIN number or password provided to you when you placed 
the security freeze, as well as the identities of those entities or individuals you would like to receive your credit 
report or the specific period of time you want the credit report available. The credit reporting agencies have 
three (3) business days after receiving your request to remove the security freeze. 

To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include 
proper identification (name, address, and social security number) and the PIN number or password provided to you 
when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to 
remove the security freeze. 

4. Obtaining a Free Credit Report . 

Under federal law, you are entitled to one free credit report every 12 months from each of the above three 
major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at 
www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any 
accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If 
you have questions or notice incorrect information, contact the credit reporting company. 


U1714V.02 03,07,2018 





5. 


Additional Helpful Resources . 


We recommend that you remain vigilant for incidents of fraud or identity theft by reviewing your account statements 
and monitoring free credit reports for any unauthorized activity. Even if you do not find any suspicious activity on 
your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports 
periodically. Checking your credit report periodically can help you spot problems and address them quickly. 

If you believe you are the victim of identity theft or have reason to believe your personal information has been 
misused, you should immediately contact the FTC and/or the Attorney General’s office in your state. You can 
obtain information from these sources about the steps individuals can take to protect themselves from identity theft 
as well as information about fraud alerts and security freezes. You should also contact your local law enforcement 
authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to 
creditors to correct your records. 

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, 
call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, 
as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also 
File a complaint with the FTC by contacting them on the web at https://www.identitytheft.gov/, by phone at 
1-877-lDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 
600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft 
Data Clearinghouse, where it will be accessible to law enforcement for their investigations, In addition, you may 
obtain information from the FTC about fraud alerts and security freezes. 

6. Obtaining a Police Report . 

Under Massachusetts law, you have the right to obtain any police report filed in regard to this issue. If you are the 
victim of identity theft, you also have the right to file a police report and obtain a copy of it. 
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